University of Calgary Ransomware Attack: 5 Lessons To Learn

The University of Calgary paid a $20,000 bitcoin ransom (about $16,000 U.S.) to get its data back from hackers because it had no choice. More than 100 computers were affected by ransomware, which essentially shut down the network. The university wasn’t well prepared, so it was either pay or halt operations.

If your company is online, it’s at risk for ransomware — it’s rampant this year! Do these five things so you can shrug it off instead of paying:

The key is restricting access to data and properly managing your security. If your organization manages critical data like health records, it’s all the more important because you’re more likely to be targeted. In the Calgary case it appears the ransomware got onto computers through a spear-phishing email campaign, which is common.

1. Follow a needs-based policy for data access.
Don’t give everyone at your company access to data they don’t really need or don’t need often. Explain to your team members that this policy reduces your exposure to ransomware and other hacks that get into the network through connected devices. More connected devices, more risk.

It’s not difficult to develop a process that allows your employees to request access to data and have that access approved quickly — it won’t slow down productivity. For example, your marketing department probably doesn’t need access to sales data all of the time — just occasionally. So when someone in marketing needs to prepare a presentation, they request sales data access for two weeks. The sales data is only open to the extra devices for that short period.
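The two-week request described above can be enforced as a grant that expires on its own rather than relying on someone remembering to revoke it. This is an added example, not code from the original article; the user names, resource names and dates are constructed, and the `AccessRegistry` class is a hypothetical sketch of such a process.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample data (hypothetical users and resource names).
DEPARTMENTS = {"dana": "sales", "andrew": "marketing"}
STANDING_ACCESS = {"sales": {"sales-data"}, "marketing": {"campaign-assets"}}


@dataclass(frozen=True)
class Grant:
    user: str
    resource: str
    approved_by: str
    expires_at: datetime


class AccessRegistry:
    """Standing access by department plus approved, time-boxed exceptions."""

    def __init__(self):
        self.grants = []

    def approve(self, user, resource, approver, now, days=14):
        """Record an approved request; it lapses after `days` (two weeks by default)."""
        grant = Grant(user, resource, approver, now + timedelta(days=days))
        self.grants.append(grant)
        return grant

    def is_allowed(self, user, resource, now):
        if resource in STANDING_ACCESS.get(DEPARTMENTS.get(user), set()):
            return True
        # Default deny: only an unexpired grant opens the resource.
        return any(g.user == user and g.resource == resource and now < g.expires_at
                   for g in self.grants)

    def purge_expired(self, now):
        """Drop lapsed grants and return them so the removal can be logged."""
        expired = [g for g in self.grants if now >= g.expires_at]
        self.grants = [g for g in self.grants if now < g.expires_at]
        return expired


if __name__ == "__main__":
    reg, start = AccessRegistry(), datetime(2016, 6, 1, 9, 0)  # constructed date
    reg.approve("andrew", "sales-data", "dana", start)
    for day in (0, 13, 14):
        when = start + timedelta(days=day)
        print(day, reg.is_allowed("andrew", "sales-data", when))
```

Because the expiry is checked on every access decision, the sales data closes to the marketing account at the two-week mark even if the purge job never runs.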

2. Use different accounts for different purposes.
People on the IT team should do their high-level network and system administration work from a different account than the one they use for day-to-day activity. If you’re researching, surfing the Web or doing other non-critical work, do it from an account that doesn’t have administrator privileges. Then when it’s time to access administrator-level data, switch accounts. Once you’re finished with the work, log out of the administrator account and back into the lower-level account.

This simple change in habit can greatly reduce the likelihood that administrator-level data will be hacked, stolen or ransomed.

3. Increase the frequency of your backups.
If someone locks up your data and you have a backup from an hour ago, how likely are you to pay a ransom? So back up a lot! Scheduling backups multiple times a day or more frequently is not difficult. The more recent your recovery point, the less you’ll be affected by your data being encrypted by a hacker.

4. Encrypt your backups and ship them off site.
All of your backups should be encrypted — by you! Not the hackers. Quality backup tools have this feature. When you encrypt your backups you prevent hackers from corrupting them along with your other files. You can’t restore from a backup that’s also being held hostage! Better yet, store your encrypted backups offsite.

5. Segment your network.
This item on the list requires you to engage IT pros. Most businesses run on a flat network, which means that everything employees access is on the same network, or in the same IT neighborhood. Creating a segmented network means you’re creating doors within your neighborhood — you can put a security guard at each door, too. Then every time someone or something tries to go through a door, it’s a new opportunity to ensure they’re supposed to be there. You can segment your network based on roles, data type, device or other categories — whichever way works best for your organization.

You can also program your security guards to check for whatever criteria you choose. This way, if Andrew gets ransomware on his computer because he opened a hacker’s email, it will be restricted to the network segment he’s using.

IT pros like the frogs at Leapfrog make network segmentation seamless so our clients’ users don’t know they’re moving from one network segment to another. We can also help you implement each of the items above. Our goal is to manage your IT so your company is as prepared as possible for a ransomware attack — and for everything else the big bad Internet can throw at your IT ecosystem.
